
Oh my! Did I do a bad thing (security issue).

 
Darrin Smith
Ranch Hand
Posts: 276
I have a servlet that reads images from a database. When the image isn't there, I want to read a default image.

Now, I know that I can have a default image on disk, but since there is already a default image inside of the resource of my web app, I thought that it would be best to read it from there. When I try that though I get this:

[#|2005-06-20T15:13:50.917-0500|INFO|sun-appserver-pe8.0.0_01|javax.enterprise.system.stream.out|_ThreadID=16;|
access denied (org.apache.naming.JndiPermission jndi:/server/myapp/resources/noimage.JPG)|#]

[#|2005-06-20T15:13:50.917-0500|WARNING|sun-appserver-pe8.0.0_01|javax.enterprise.system.stream.err|_ThreadID=16;|
java.security.AccessControlException: access denied (org.apache.naming.JndiPermission jndi:/server/myapp/resources/noimage.JPG)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at sun.awt.SunToolkit.getImageFromHash(SunToolkit.java:437)
at sun.awt.SunToolkit.getImage(SunToolkit.java:490)
at javax.swing.ImageIcon.<init>(ImageIcon.java:119)


The code I'm using looks like this:



I think that you should be able to set up the permission in the server.policy file to allow this, but the bigger issue is: should this even be done to begin with? In other words, is this really a "bad thing" to do (read the image that the servlet needs from the resources)?

If not, any pointers on what the permission should look like?

My guess is:


but that is just a guess!

Thanks.
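
The stack trace above shows the permission check being made inside SunToolkit.getImage, reached from the ImageIcon constructor. As an added example (not part of the original post, whose code did not survive on this page), a servlet can stream the bundled file through ServletContext.getResourceAsStream, so no AWT image loading is involved. The class name, the "id" parameter, the JPEG content type and the loadFromDatabase placeholder are assumptions; the resource path is taken from the URL in the log.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet name; added example, not the poster's code.
public class ImageServlet extends HttpServlet {

    // Fixed path inside the web app, from the URL in the log above.
    // It is a constant, never built from request input, so a request
    // cannot steer the servlet to other files in the application.
    private static final String DEFAULT_IMAGE = "/resources/noimage.JPG";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        byte[] stored = loadFromDatabase(req.getParameter("id"));
        if (stored != null) {
            resp.setContentType("image/jpeg"); // assumes JPEG images
            resp.setContentLength(stored.length);
            resp.getOutputStream().write(stored);
            return;
        }
        // Fallback: the container opens the resource itself; the servlet
        // only copies bytes and never hands a jndi: URL to the AWT toolkit.
        try (InputStream in = getServletContext().getResourceAsStream(DEFAULT_IMAGE)) {
            if (in == null) { // resource missing from the deployed app
                resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            resp.setContentType("image/jpeg");
            OutputStream out = resp.getOutputStream();
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
        }
    }

    // Placeholder for the database read described in the post.
    // Returns null when no image is stored for the given id.
    protected byte[] loadFromDatabase(String id) {
        return null;
    }
}
```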
 